Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Weakness ID:79
Version:v4.17
Weakness Name:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Stable
Likelihood of Exploit:High
DetailsContent HistoryObserved CVE ExamplesReports
▼Submissions
Submission DateRelease DateSubmitterOrganizationVersionComment
2006-07-192006-07-19PLOVERN/ADraft 3

N/A

Submission Date: 2006-07-19

Release Date: 2006-07-19

Submitter: PLOVER

Organization: N/A

Version: Draft 3

Comment:

N/A

▼Modifications
Modification DateRelease DateModifierOrganizationVersionImportanceComment
2008-07-012008-09-09Eric DalciCigital1.0N/A

updated Time_of_Introduction

2008-08-152008-09-09N/AVeracode1.0N/A

Suggested OWASP Top Ten 2004 mapping

2008-09-08N/ACWE Content TeamMITREN/AN/A

updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities

2009-01-12N/ACWE Content TeamMITREN/AN/A

updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships

2009-03-10N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations

2009-05-27N/ACWE Content TeamMITREN/AN/A

updated Name

2009-07-27N/ACWE Content TeamMITREN/AN/A

updated Description

2009-10-29N/ACWE Content TeamMITREN/AN/A

updated Observed_Examples, Relationships

2009-12-28N/ACWE Content TeamMITREN/AN/A

updated Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Observed_Examples

2010-02-16N/ACWE Content TeamMITREN/AN/A

updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings

2010-04-05N/ACWE Content TeamMITREN/AN/A

updated Description, Potential_Mitigations, Related_Attack_Patterns

2010-06-21N/ACWE Content TeamMITREN/AN/A

updated Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships

2010-09-27N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations

2011-03-29N/ACWE Content TeamMITREN/AN/A

updated Demonstrative_Examples, References

2011-06-01N/ACWE Content TeamMITREN/AN/A

updated Common_Consequences

2011-06-27N/ACWE Content TeamMITREN/AN/A

updated Relationships

2011-09-13N/ACWE Content TeamMITREN/AN/A

updated Detection_Factors, Potential_Mitigations

2012-05-11N/ACWE Content TeamMITREN/AN/A

updated References, Relationships

2012-10-30N/ACWE Content TeamMITREN/AN/A

updated Potential_Mitigations

2013-07-17N/ACWE Content TeamMITREN/AN/A

updated Relationships

2014-07-30N/ACWE Content TeamMITREN/AN/A

updated Relationships, Taxonomy_Mappings

2015-12-07N/ACWE Content TeamMITREN/AN/A

updated Relationships

2017-01-19N/ACWE Content TeamMITREN/AN/A

updated Related_Attack_Patterns

2017-05-03N/ACWE Content TeamMITREN/AN/A

updated Related_Attack_Patterns, Relationships

2017-11-08N/ACWE Content TeamMITREN/AN/A

updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships

2018-03-27N/ACWE Content TeamMITREN/AN/A

updated Alternate_Terms, Demonstrative_Examples, Description, Observed_Examples, References, Relationship_Notes, Relationships

2019-01-03N/ACWE Content TeamMITREN/AN/A

updated References, Relationships, Taxonomy_Mappings

2019-09-19N/ACWE Content TeamMITREN/AN/A

updated Relationships

2020-02-24N/ACWE Content TeamMITREN/AN/A

updated Applicable_Platforms, Potential_Mitigations, Relationships

2020-06-25N/ACWE Content TeamMITREN/AN/A

updated Observed_Examples, Potential_Mitigations

2020-08-20N/ACWE Content TeamMITREN/AN/A

updated Relationships

2020-12-10N/ACWE Content TeamMITREN/AN/A

updated Relationships

2021-03-15N/ACWE Content TeamMITREN/AN/A

updated Demonstrative_Examples, Description

2021-07-20N/ACWE Content TeamMITREN/AN/A

updated Relationships

2021-10-28N/ACWE Content TeamMITREN/AN/A

updated Relationships

2022-06-28N/ACWE Content TeamMITREN/AN/A

updated Observed_Examples, Relationships

2022-10-13N/ACWE Content TeamMITREN/AN/A

updated Background_Details, Observed_Examples

2023-01-31N/ACWE Content TeamMITREN/AN/A

updated Alternate_Terms, Demonstrative_Examples, Description

2023-04-27N/ACWE Content TeamMITREN/AN/A

updated References, Relationships, Time_of_Introduction

2023-06-29N/ACWE Content TeamMITREN/AN/A

updated Mapping_Notes, Relationships

2024-02-292024-02-29CWE Content TeamMITRE4.14N/A

updated Relationships

2024-11-192024-11-19CWE Content TeamMITRE4.16N/A

updated Relationships

2025-04-032025-04-03CWE Content TeamMITRE4.17N/A

updated Alternate_Terms, Common_Consequences, Description, Diagram, Other_Notes

Modification Date: 2008-07-01

Release Date: 2008-09-09

Modifier: Eric Dalci

Organization: Cigital

Version: 1.0

Importance: N/A

Comment:

updated Time_of_Introduction

Modification Date: 2008-08-15

Release Date: 2008-09-09

Modifier: N/A

Organization: Veracode

Version: 1.0

Importance: N/A

Comment:

Suggested OWASP Top Ten 2004 mapping

Modification Date: 2008-09-08

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities

Modification Date: 2009-01-12

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships

Modification Date: 2009-03-10

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2009-05-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Name

Modification Date: 2009-07-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description

Modification Date: 2009-10-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Observed_Examples, Relationships

Modification Date: 2009-12-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Observed_Examples

Modification Date: 2010-02-16

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings

Modification Date: 2010-04-05

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Description, Potential_Mitigations, Related_Attack_Patterns

Modification Date: 2010-06-21

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships

Modification Date: 2010-09-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2011-03-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Demonstrative_Examples, References

Modification Date: 2011-06-01

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Common_Consequences

Modification Date: 2011-06-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2011-09-13

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Detection_Factors, Potential_Mitigations

Modification Date: 2012-05-11

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated References, Relationships

Modification Date: 2012-10-30

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Potential_Mitigations

Modification Date: 2013-07-17

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2014-07-30

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships, Taxonomy_Mappings

Modification Date: 2015-12-07

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2017-01-19

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Related_Attack_Patterns

Modification Date: 2017-05-03

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Related_Attack_Patterns, Relationships

Modification Date: 2017-11-08

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships

Modification Date: 2018-03-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Demonstrative_Examples, Description, Observed_Examples, References, Relationship_Notes, Relationships

Modification Date: 2019-01-03

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated References, Relationships, Taxonomy_Mappings

Modification Date: 2019-09-19

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2020-02-24

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Applicable_Platforms, Potential_Mitigations, Relationships

Modification Date: 2020-06-25

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Observed_Examples, Potential_Mitigations

Modification Date: 2020-08-20

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2020-12-10

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2021-03-15

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Demonstrative_Examples, Description

Modification Date: 2021-07-20

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2021-10-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Relationships

Modification Date: 2022-06-28

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Observed_Examples, Relationships

Modification Date: 2022-10-13

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Background_Details, Observed_Examples

Modification Date: 2023-01-31

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Alternate_Terms, Demonstrative_Examples, Description

Modification Date: 2023-04-27

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated References, Relationships, Time_of_Introduction

Modification Date: 2023-06-29

Release Date: N/A

Modifier: CWE Content Team

Organization: MITRE

Version: N/A

Importance: N/A

Comment:

updated Mapping_Notes, Relationships

Modification Date: 2024-02-29

Release Date: 2024-02-29

Modifier: CWE Content Team

Organization: MITRE

Version: 4.14

Importance: N/A

Comment:

updated Relationships

Modification Date: 2024-11-19

Release Date: 2024-11-19

Modifier: CWE Content Team

Organization: MITRE

Version: 4.16

Importance: N/A

Comment:

updated Relationships

Modification Date: 2025-04-03

Release Date: 2025-04-03

Modifier: CWE Content Team

Organization: MITRE

Version: 4.17

Importance: N/A

Comment:

updated Alternate_Terms, Common_Consequences, Description, Diagram, Other_Notes

▼Contributions
Contributor DateRelease DateTypeContributorOrganizationVersionComment
2025-03-102025-04-03ContentAbhi BalakrishnanN/A4.17

Provided diagram to improve CWE usability.

Contributor Date: 2025-03-10

Release Date: 2025-04-03

Type: Content

Contributor: Abhi Balakrishnan

Organization: N/A

Version: 4.17

Comment:

Provided diagram to improve CWE usability.

▼Previous Name Entries
Change DatePrevious Entry NameVersion
2008-04-11

Cross-site Scripting (XSS)

N/A
2009-01-12

Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))

N/A
2009-05-27

Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')

N/A
2010-06-21

Failure to Preserve Web Page Structure ('Cross-site Scripting')

N/A

Change Date: 2008-04-11

Version: N/A

Previous Entry Name: Cross-site Scripting (XSS)

Change Date: 2009-01-12

Version: N/A

Previous Entry Name: Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))

Change Date: 2009-05-27

Version: N/A

Previous Entry Name: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')

Change Date: 2010-06-21

Version: N/A

Previous Entry Name: Failure to Preserve Web Page Structure ('Cross-site Scripting')